df19bf5 adtrust: add default read_keys permission for TDO objects

2 files Authored by abbra 4 years ago, Committed by tdudlak 4 years ago,
    adtrust: add default read_keys permission for TDO objects
    
    If trusted domain object (TDO) is lacking ipaAllowedToPerform;read_keys
    attribute values, it cannot be used by SSSD to retrieve TDO keys and the
    whole communication with Active Directory domain controllers will not be
    possible.
    
    This seems to affect trusts which were created before
    ipaAllowedToPerform;read_keys permission granting was introduced
    (FreeIPA 4.2). Add back the default setting for the permissions which
    grants access to trust agents and trust admins.
    
    Resolves: https://pagure.io/freeipa/issue/8067
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
    Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>